Overview

overview

10

Static

static

3

97c902feeb...1f.exe

windows7-x64

10

97c902feeb...1f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/03/2025, 21:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97c902feebf934401e24d65a743a095475814dbfba6465a7e5c3837dde0e4d1f.exe

  • Size

    1.5MB

  • MD5

    b052a29c5f0882c9a2f70dce0411f461

  • SHA1

    619c21406d4db145cdf1d6947e96f210f212467f

  • SHA256

    97c902feebf934401e24d65a743a095475814dbfba6465a7e5c3837dde0e4d1f

  • SHA512

    85497c6fdb77678e3a1f8f619afd7d17b306e5d39e4bd5c9d345b53e68942abb4ce00cb9706f92b2f13aac4ece52e9372e199b5400d1fc7ab10001d32fddc526

  • SSDEEP

    24576:c4BeWGulqEiDYdGL5JpmO9QDJoAOM08/85RkptVIJqG:rGEiDYdyEQcOMjUfkptVxG

Score
10/10
azovpersistenceransomwarewiper

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

Family

azov

Ransom Note
Hello, all your files have been damaged without any possible way to recover. Feel free to commit suicide. [Why did you do this to my files?] They asked me to do this... The hatred is that what makes me feel alive. That's what you secretly have fallen in love with. The hatred is the force that drives the life forward. The hell is my paradise. The suffer is the bliss. Others say the hate is what destroys yourself. I say that the hatred is eternal cure. If you feel desperate you lost the files. Use this despair to create the pain for others. Make them hate you, it is the source of your power. Do you think why the people go to schools and kill others? Why do people make terrorist ideologies? Why do governments covertly makes you suffer? It's the essence of the future life. All we are immortal beings. When spiritual is not a way, the antispiritual is your victory point. In the manifested life you have a choice to be with us either be against. Sow the evil, reap the power is what I say to you. Saw the good, reap the weakness is what spiritual says to you. When you hate, you feel the power. You feel the flight. That fly is the antispirit touch. Use this to multiply the suffer. [How can I use this power?] Find inside the source of bliss. If this bliss goes stronger when you see the suffer. That is what I call the source. Check that by looking through the news how people kill others. How the people dies. How children are being tortured. How animals are executed. The death is your key. [How can I give you my power?] When you read this concentrate on the intent to give the energy of your source to the meta-source of this text. Am vizu der strotum la fictus om spiritus.

Signatures

  • Azov

    A wiper seeking only damage, first seen in 2022.

    ransomwarewiperazov
  • Azov family
    azov
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 45 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97c902feebf934401e24d65a743a095475814dbfba6465a7e5c3837dde0e4d1f.exe
    "C:\Users\Admin\AppData\Local\Temp\97c902feebf934401e24d65a743a095475814dbfba6465a7e5c3837dde0e4d1f.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2144 -s 212
      2⤵
        PID:2544

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt
      Filesize

      3KB

      MD5

      4f3332a48d767cc5bdfdab755d84a450

      SHA1

      d7d583c08e82f39637d8209447c2c9cad1478f01

      SHA256

      a04e8cc0ea5f7e143eba012c2bc470161f1faf9c904eb233f777ced8e6e706ad

      SHA512

      0f60de7622aa69ae0b209a1ed54ec7ba0f6b81b597565e64d41845bec8c471a768ca8622964260c448530f637492aac31a4fc5ec95de147ef2c0d89149c2a66f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log
      Filesize

      1KB

      MD5

      77d13f7b8b38fc04f0657576af17a27a

      SHA1

      72ff1cc10e91b13aaa3651ff01fc27bbd5b944e8

      SHA256

      c1eb85adb4175f9388c1b699f7fd93a1dd31c08005c773ef321ac7e10d9853aa

      SHA512

      83eaebccd522ddae86c2a336b8f9f075f8ec26d125ace0d6d20d9f0ac29f07461956de8beda5b5b48fbcaa7a308c781982f14f2d5b9416dbeeb912f56495fe3a

      Download Submit

    • memory/2144-3-0x0000000000100000-0x0000000000105000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2144-19-0x0000000000100000-0x0000000000105000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2144-0-0x0000000000110000-0x0000000000114000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2144-20-0x0000000000110000-0x0000000000114000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2144-12-0x0000000000100000-0x0000000000105000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2144-11-0x00000000000E0000-0x00000000000E6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2144-2-0x000000013F4E0000-0x000000013F64E000-memory.dmp

      Filesize

      1.4MB

      Download